CVE-2024-41597

Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality...

Denial Of Service (DoS)

processwire/processwire is vulnerable to Denial of Service. The vulnerability is due to automatic extraction of user-supplied ZIP files uploaded via Language Support without size or resource limits prior to validation, which allows an attacker with low privileges to upload a crafted ZIP and trigg...